Comments on: Watching me watching you http://www.p2pnet.net/story/13155 p2pnet.net - reader powered Wed, 01 Feb 2012 15:11:09 -0300 http://wordpress.org/?v=2.8.4 hourly 1 By: Reader's Write http://www.p2pnet.net/story/13155/comment-page-1#comment-169978 Reader's Write Thu, 30 Aug 2007 18:04:26 +0000 http://www.p2pnet.net/story/13155#comment-169978 But, wouldn't the use of these encryption programs automatically cause the government to start scrutinizing you closely, whereas they may have previously ignored you as benign? After all, it is the philosophy of the government that you have no reason to hide anything unless you have "something" to hide. I would think the use of these programs and methods would only serve to call additional, unwanted attention to yourself. But, wouldn’t the use of these encryption programs automatically cause the government to start scrutinizing you closely, whereas they may have previously ignored you as benign? After all, it is the philosophy of the government that you have no reason to hide anything unless you have “something” to hide.

I would think the use of these programs and methods would only serve to call additional, unwanted attention to yourself.

]]> By: Anon http://www.p2pnet.net/story/13155/comment-page-1#comment-169205 Anon Tue, 28 Aug 2007 17:08:37 +0000 http://www.p2pnet.net/story/13155#comment-169205 Concerned individuals/groups should consider encrypting Email, Instant Messaging, and VOIP (Internet telephony), and employing anonymity technologies. For more information; http://www.panta-rhei.eu.org/news/newsportal-0.36/article.php?id=94218&group=alt.privacy#94218 http://www.panta-rhei.eu.org/pantawiki/SecurityAndEncryptionFaq http://en.wikipedia.org/wiki/Pretty_Good_Privacy http://en.wikipedia.org/wiki/GNU_Privacy_Guard http://en.wikipedia.org/wiki/Off-the-Record_Messaging http://en.wikipedia.org/wiki/Hushmail http://en.wikipedia.org/wiki/Zfone Concerned individuals/groups should consider encrypting Email, Instant Messaging, and VOIP (Internet telephony), and employing anonymity technologies.

For more information;

http://www.panta-rhei.eu.org/news/newsportal-0.36/article.php?id=94218&group=alt.privacy#94218
http://www.panta-rhei.eu.org/pantawiki/SecurityAndEncryptionFaq
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
http://en.wikipedia.org/wiki/GNU_Privacy_Guard
http://en.wikipedia.org/wiki/Off-the-Record_Messaging
http://en.wikipedia.org/wiki/Hushmail
http://en.wikipedia.org/wiki/Zfone

]]> By: Anon http://www.p2pnet.net/story/13155/comment-page-1#comment-169204 Anon Tue, 28 Aug 2007 17:01:28 +0000 http://www.p2pnet.net/story/13155#comment-169204 DriveCrypt Plus Pack and "plausible deniability"? I believe it may also be possible to use DriveCrypt Plus Pack to achieve "plausible deniability" DCPP is supposed to enable the user to hide an entire operating system inside the free disk space of another operating system. Two passwords are required: One password is for the visible operating system, the other for the invisible one. The first "fake" password grants access to a pre-configured operating system (outer OS), while the other gives grants access to the real working operating system. This functionality is extremely useful if the user fears that someone may force them to provide the DCPP password; in this case, the user simply gives away the first (fake) password so that the snoop will be able to boot into the system, but only see the prepared information that they wishes them to find. The attacker will not be able to see any confidential and personal data and he will also not be able to understand that the machine is storing one more hidden operating system. On the other hand, if the user enters the private password (for the invisible disk), the system will boot a different operating system (the working system) giving the user the access to all the confidential data. The creation of a hidden operating system is not obligatory and as such, it is not possible for anyone who does not have the hidden OS password to know or find out, if a hidden operating system exists or not. -- DriveCrypt Plus Pack and “plausible deniability”?

I believe it may also be possible to use DriveCrypt Plus Pack to achieve “plausible deniability”

DCPP is supposed to enable the user to hide an entire operating system inside the free disk space of another operating system. Two passwords are required: One password is for the visible operating system, the other for the invisible one. The first “fake” password grants access to a pre-configured operating system (outer OS), while the other gives grants access to the real working operating system. This functionality is extremely useful if the user fears that someone may force them to provide the DCPP password; in this case, the user simply gives away the first (fake) password so that the snoop will be able to boot into the system, but only see the prepared information that they wishes them to find. The attacker will not be able to see any confidential and personal data and he will also not be able to understand that the machine is storing one more hidden operating system. On the other hand, if the user enters the private password (for the invisible disk), the system will boot a different operating system (the working system) giving the user the access to all the confidential data.

The creation of a hidden operating system is not obligatory and as such, it is not possible for anyone who does not have the hidden OS password to know or find out, if a hidden operating system exists or not.

]]> By: Anon http://www.p2pnet.net/story/13155/comment-page-1#comment-169202 Anon Tue, 28 Aug 2007 17:00:31 +0000 http://www.p2pnet.net/story/13155#comment-169202 Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR provides perfect forward secrecy and deniable encryption. 1. Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts. 2. Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person. Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR provides perfect forward secrecy and deniable encryption.

1. Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.

2. Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person.

]]> By: Anon http://www.p2pnet.net/story/13155/comment-page-1#comment-169201 Anon Tue, 28 Aug 2007 16:59:20 +0000 http://www.p2pnet.net/story/13155#comment-169201 TrueCrypt's "aleatory" defence against RIPA TrueCrypt provides an "aleatory" defence against RIPA, and, indeed, against any similar legislation. This defence works because TrueCrypt makes encrypted material indistinguishable from pseudo-random data. And before the authorities can insist that you hand over an encryption key, they would first be obliged to prove to the satisfaction of a court that you were in possession of encrypted material. Depending on how TrueCrypt is set up it might be obvious that you have some pseudo-random data in an atypical location on your computer, and you might well be asked how it got there. Now, there are many computer processes that produce pseudo-random data, and you are not obliged by the legislation to account for the origins of every file on your computer that contains such data given the tens of thousands of files on the average PC this would be an impossible task. However, TrueCrypt can also provide you with an excellent and highly plausible reason as to why you possess such a file of pseudo-random data irrespective of where it is found. TrueCrypt’s “aleatory” defence against RIPA

TrueCrypt provides an “aleatory” defence against RIPA, and, indeed, against any similar legislation. This defence works because TrueCrypt makes encrypted material indistinguishable from pseudo-random data. And before the authorities can insist that you hand over an encryption key, they would first be obliged to prove to the satisfaction of a court that you were in possession of encrypted material. Depending on how TrueCrypt is set up it might be obvious that you have some pseudo-random data in an atypical location on your computer, and you might well be asked how it got there. Now, there are many computer processes that produce pseudo-random data, and you are not obliged by the legislation to account for the origins of every file on your computer that contains such data given the tens of thousands of files on the average PC this would be an impossible task. However, TrueCrypt can also provide you with an excellent and highly plausible reason as to why you possess such a file of pseudo-random data irrespective of where it is found.

]]> By: Anon http://www.p2pnet.net/story/13155/comment-page-1#comment-169200 Anon Tue, 28 Aug 2007 16:58:50 +0000 http://www.p2pnet.net/story/13155#comment-169200 FreeOTFE can be found at http://www.freeotfe.org/ Off-the-Record (OTR) can be found at http://www.cypherpunks.ca/otr/ TrueCrypt can be found at http://www.truecrypt.org/ FreeOTFE can be found at http://www.freeotfe.org/
Off-the-Record (OTR) can be found at http://www.cypherpunks.ca/otr/
TrueCrypt can be found at http://www.truecrypt.org/

]]> By: Anon http://www.p2pnet.net/story/13155/comment-page-1#comment-169198 Anon Tue, 28 Aug 2007 16:56:18 +0000 http://www.p2pnet.net/story/13155#comment-169198 TrueCrypt thrawts RIPA III The UK government is going to deprive honest an law-abiding citizens of their liberties while criminals can carry on theirs businesses as usual, with just a little software upgrade. Free software like TrueCrypt can conceal encrypted material in a way that prevent its detection. In case the Police forces you to reveal your password, TrueCrypt provides and supports two kinds of "plausible deniability": 1. Hidden volumes. The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way. 2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted. FreeOTFE also offers similar features. Off-the-Record (OTR) Messaging, offers true deniability for instant messaging. TrueCrypt thrawts RIPA III

The UK government is going to deprive honest an law-abiding citizens of their liberties while criminals can carry on theirs businesses as usual, with just a little software upgrade.

Free software like TrueCrypt can conceal encrypted material in a way that prevent its detection.

In case the Police forces you to reveal your password, TrueCrypt provides and supports two kinds of “plausible deniability”:

1. Hidden volumes. The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it is impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created* and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

2. It is impossible to identify a TrueCrypt volume. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any kind of “signature”). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted.

FreeOTFE also offers similar features.

Off-the-Record (OTR) Messaging, offers true deniability for instant messaging.

]]>